[CoLoCo] (no subject)
phillip tribble
phillip.tribble at gmail.com
Tue Sep 25 22:25:33 BST 2007
Yes, all of you guys make a good point. I know when I tried to use a
Windows cracking disk that it usually did not work. This Linux method to
change the hard drive just sounds really dangerous. The best security, like
you all mentioned, is physical security.
On 9/25/07, Kevin Fries <kfries at cctus.com> wrote:
>
> Phillip,
>
> Neal is right.
>
> No system can be secured from physical access. That is why most large
> companies keep the servers in a secured access room. Given enough
> processing power, no encryption or lock mechanism can keep out someone
> who wants in. Except in the case of the iPhone, nobody will ever get
> that on a non-AT&T network, lol
>
> Think about it this way... Why do you lock your car? Why do some people
> buy theft deterrent systems, to prevent someone from stealing their car?
> To keep someone from stealing their car? No, because that is impossible.
> All you can do is make it harder and harder to steal that car. The
> better the system, the harder it is to steal. But a tow truck can steal
> any car, even one with the club. The hope is the harder you make it,
> the more likely a thief will just move on to someone else's car.
>
> The same issue occurs with servers. If I have physical access to the
> server, I can always remove the hard drive, mount it on another system,
> and read the files. So physical access MUST occur if any real security
> is possible. So, you either need to encrypt your data, and/or deny
> physical access.
>
> Encryption is another technology that is designed to make it harder, not
> make it impossible. One of the biggest differences between Windows and
> Linux is that these encryption tools come with Linux, and cost thousands
> and thousands of dollars in Windows. But always remember, if you can
> encrypt it, somebody will eventually figure out a way to decrypt it.
>
> The other difference between Windows and Linux is the degree to which
> the two systems are secured from network access to your data. Linux is
> notorious for having bugs, but the vast majority of these bugs usually
> cause crashes or DOS issues. While Windows has its fair share of these,
> they also have far too many remote execution, virus, and worm problems.
> Some of the remote execution problems are well known and unfixable due
> to Windows's structure. Microsoft is constantly fighting to close as
> many of these bugs as possible, as quickly as possible to keep their
> customers' data safe. But, Windows is no Linux. Remote access to the
> data is what most people talk about when they talk about security of one
> OS over another.
>
> You can drive yourself crazy trying to look for every little hole in
> security. Use some common sense, and you will generally be ok:
>
> - Keep servers in a physically secure location
> - If you don't need a service, don't run it
> - Use chrooting and process separation techniques when available
> - If data is highly sensitive (ss numbs), encrypt it
> - Keep your server patched
> - Don't let your server run more than one version behind current
> - If data security is important, by all that is good and holy, put
> it on a Linux server!
>
> If your data is highly sensitive (trade secrets, social security
> numbers, credit card data, etc), not only encrypt, but also implement
> intrusion detection tools like snort.
>
> Follow these rules, and you will generally not have any problems.
>
>
> Kevin Fries
> Senior Linux Engineer
> Computer and Communications Technologies, Inc
> a Division of Japan Communications, Inc
>
>
> On Tue, 2007-09-25 at 14:07 -0600, Neal McBurnett wrote:
> > A clear definition of "security" is important here. It varies for
> > every situation, but often, _availability_ of your computer and files
> > is very important. So my response is that for both default Linux and
> > Windows, the availability of recovery mechanisms when you forget your
> > password is a security feature. Besides that convenient init trick,
> > booting from a CD is often very useful.
> >
> > Of course, if you are really really worried about the risk that
> > someone who can physically access your computer might steal your hard
> > disk or whole computer and read the files, then you want an encrypting
> > filesystem, and there are options like that also. But you risk losing
> > it all if you forget a password or don't have a USB key or whatever.
> >
> > So Linux is very secure, you just have to configure it to your liking.
> >
> > Neal McBurnett http://mcburnett.org/neal/
> >
> > On Tue, Sep 25, 2007 at 01:52:19PM -0600, telecon at infosyndicate.net wrote:
> > > On Tue, Sep 25, 2007 at 01:18:24PM -0600, phillip tribble wrote:
> > > > How secure is Linux when you can recover a password like this?
> > > >
> > >
> > > How secure is your Linux box when someone can walk away with it.
> > >
> > > That is essentially what you just asked.
> > >
> > > Most *nix can be recovered that way, or some way remarkably close, if
> > > you have physical access.
> >
>